Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35862 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-46665 1 Fortinet 1 Fortios 2026-06-17 N/A 3.7 LOW
An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.
CVE-2024-46610 1 Thecosy 1 Icecms 2026-06-17 N/A 7.5 HIGH
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java
CVE-2024-46213 1 Redaxo 1 Redaxo 2026-06-17 N/A 7.2 HIGH
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability.
CVE-2024-45944 1 J2eefast 1 J2eefast 2026-06-17 N/A 9.8 CRITICAL
In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution.
CVE-2024-45919 1 Solvait 1 Solvait 2026-06-17 N/A 6.5 MEDIUM
A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests.
CVE-2024-45825 1 Rockwellautomation 2 5015-u8ihft, 5015-u8ihft Firmware 2026-06-17 N/A 7.5 HIGH
CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.
CVE-2024-45823 1 Rockwellautomation 1 Factorytalk Batch View 2026-06-17 N/A 8.1 HIGH
CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.
CVE-2024-45810 1 Envoyproxy 1 Envoy 2026-06-17 N/A 6.5 MEDIUM
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client, one reason is http async client is duplicating the status code, another one is the destroy of router is called at the destructor of the async stream, while the stream is deferred deleted at first. There will be problems that the stream decoder is destroyed but its reference is called in `router.onDestroy()`, causing segment fault. This will impact ext_authz if the `upgrade` and `connection` header are allowed, and request mirrorring. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-45807 1 Envoyproxy 1 Envoy 2026-06-17 N/A 7.5 HIGH
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue.
CVE-2024-45805 1 Citeum 1 Opencti 2026-06-17 N/A 4.3 MEDIUM
OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://<opencti_domain>/storage/get/support/UUID/UUID.zip), and that the UUID is available to general users using an attached query (logs query). This vulnerability is fixed in 6.3.0.
CVE-2024-45802 1 Squid-cache 1 Squid 2026-06-17 N/A 7.5 HIGH
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
CVE-2024-45792 1 Mantisbt 1 Mantisbt 2026-06-17 N/A 6.5 MEDIUM
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4.
CVE-2024-45761 3 Dell, Linux, Microsoft 3 Openmanage Server Administrator, Linux Kernel, Windows 2026-06-17 N/A 5.4 MEDIUM
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service.
CVE-2024-45752 1 Pixlone 1 Logiops 2026-06-17 N/A 8.5 HIGH
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction.
CVE-2024-45736 1 Splunk 2 Splunk, Splunk Cloud Platform 2026-06-17 N/A 6.5 MEDIUM
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).
CVE-2024-45735 1 Splunk 2 Splunk, Splunk Cloud Platform 2026-06-17 N/A 4.3 MEDIUM
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.
CVE-2024-45734 1 Splunk 1 Splunk 2026-06-17 N/A 4.3 MEDIUM
In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard.
CVE-2024-45691 1 Moodle 1 Moodle 2026-06-17 N/A 5.4 MEDIUM
A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.
CVE-2024-45663 1 Ibm 1 Db2 2026-06-17 N/A 6.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
CVE-2024-45653 1 Ibm 1 Sterling Connect Direct Web Services 2026-06-17 N/A 4.3 MEDIUM
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.